Visible to the public Detection and prevention of DoS attacks in Software-Defined Cloud networks

TitleDetection and prevention of DoS attacks in Software-Defined Cloud networks
Publication TypeConference Paper
Year of Publication2017
AuthorsRengaraju, P., Ramanan, V. R., Lung, C. H.
Conference Name2017 IEEE Conference on Dependable and Secure Computing
Date Publishedaug
Keywordscentralized controller, cloud computing, Cloud Computing networks, composability, computer network security, control functions, control plane, data plane, DDoS, DDoS attack detection, denial-of-service, distributed DoS attacks, distributed Firewall, distributed security mechanism, Firewall and IPS, Firewalls (computing), Human Behavior, ICMP flooding attacks, intrusion prevention system, IP networks, IPS security, Metrics, network device, network scenarios, OFP, OpenFlow protocol, Protocols, pubcrawl, Resiliency, SDC, SDN, Software Defined Clouds, software defined networking, Software-Defined Networking technology, Switches, SYN flooding attacks, vulnerable attacks
Abstract

One of the recent focuses in Cloud Computing networks is Software Defined Clouds (SDC), where the Software-Defined Networking (SDN) technology is combined with the traditional Cloud network. SDC is aimed to create an effective Cloud environment by extending the virtualization concept to all resources. In that, the control plane is decoupled from the data plane in a network device and controlled by the centralized controller using the OpenFlow Protocol (OFP). As the centralized controller performs all control functions in a network, it requires strong security. Already, Cloud Computing faces many security challenges. Most vulnerable attacks in SDC is Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks. To overcome the DoS attacks, we propose a distributed Firewall with Intrusion Prevention System (IPS) for SDC. The proposed distributed security mechanism is investigated for two DoS attacks, ICMP and SYN flooding attacks for different network scenarios. From the simulation results and discussion, we showed that the distributed Firewall with IPS security detects and prevents the DoS attack effectively.

DOI10.1109/DESEC.2017.8073810
Citation Keyrengaraju_detection_2017